This site uses cookies. To find out more, see our Cookies Policy

Application Vulnerability Security Analyst in Santa Clara, CA at Techworkers

Date Posted: 1/6/2019

Job Snapshot

Job Description

The Application Security Analyst works as a member of the Engineering Operations group. Qualified individuals have a strong technical background and a proven ability to conduct vulnerability assessments, penetration tests, software composition analysis, along with the ability to balance multiple projects, meet deadlines with quality, and collaborate successfully with global teams. 

Preferred Skills  • Experience in manual application assessment 
• Experience in other penetration testing 
• Experience in application development 
• DevOps or System Administration experience 
• Application scanning tools (IBM AppScan, AppSpider, Acunetix, Arachni, or others) 
• Dynamic App Analysis tools (Burp, Zaprozy, SQLMap, BeEF, DAVtest, dirb, fierce, curl, wget, hping, and others) 
• Other security tools like Metasploit, John the Ripper, Ncrack, SET, Wireshark, tcpdump, theHarvester, Maltego, WebSploit, PSExec, Powershell Empire, and others 
• Static Analysis tools like IBM AppScan, Fortify, Veracode, Checkmarx 
• An ability to script or customize attack code as needed is a plus 
• Ability to assist in coding of custom automations of security tasks is a plus 
• Ability to assist in review of security eventsto evaluate risk they present is a plus 
• Ability to assist with escalated malware analysis is a plus 
• Cyber security tiger or red team experience highly preferred. 
• Ability to read security log entries and identify attacks is required Primary Responsibilities  • Perform application and system vulnerability assessment scanning 
• Ability to manually validate scan results to remove false positives, redundant, or duplicate data as well as to test for additional classes of vulnerabilities scanners can’t report is a plus 
• Provide timely and detailed reports, with proofs of findings, analysis of risk, and remediation advise and instructions 
• Meet with application, engineering, server and network teams to discuss vulnerability remediation. The technical ability to review source code and provide examples of how to fix vulnerabilities, and/or to give clear instructions including commands to app teams managing servers or helpdesk staff is preferred 
• Provide timely rescans and tests for potential new vectors to teams working to resolve vulnerabilities 
• Utilize a ticketing system to report standard vulnerabilities and work with teams to ensure they are resolved. Responsibilities • Application Security Analyst conducts Software Composition Analysis, Static, Dynamic Application Security Testing to assist in engineering a secure solution in accordance with policies, procedures, standards and best practices. The Security Analyst analyzes and tests the environment against the requirements, recommends remediation of identified vulnerabilities. 
• Previous experience as security practitioner in a specific discipline in research, consulting or operations role. 
• Knowledge of a variety of real world attack and mitigation types. 
• Experience performing manual and automated code review and penetration tests for complex applications. 
• Manage vulnerability assessment results for codebases in the organization, including participating in the triage of results and integration with bug tracking systems (JIRA). 
• Knowledge of Applications and System Development Security, Security Management Practices, Access Controls, Security Architecture and Modeling, Cryptography 
• Runs vulnerability scans for applications using various commercial and open source tools. 
• Conduct internal manual penetration test of applications to detect vulnerabilities of applications, comfortable with Burp Suite and Kali Linux 
• Work with local and remote Subject Matter Experts, Customer Care, and other stakeholders to ensure accuracy of vulnerability findings 
• New Product Assessments – Performs a security analysis of Open Source and COTS solutions to determine the cost/benefit of installing them in the operations. 
• Duties may also include providing guidance on secure software engineering techniques such as writing secure code. 
• Simultaneously handle multiple tasks and projects 
• Work with teammates to develop standards, templates, information architecture, and to ensure the security of products

Job Requirements

Required Skills/Experience • Knowledge of OWASP Top 10 and SANS Top 25 Software Weaknesses 
• Certification and/or training in Application Vulnerability Assessment, Pen Testing and Software Composition Analysis. 
• Recognized industry level security certification such as CISSP, CSSLP, CEH, GWAPT, GSEC, GCIA, GPEN, CGWN, CXPN, CEH or PWK, highly desirable 
• Analyze, understand, and provide remediation plans for active threats and vulnerabilities. 
• Automation mindset with scripting ability (e.g. Python, Bash, Ruby, Java others) to develop automation for generation of benchmark and best practices 
• Capable of describing the necessary concepts, technologies and functionality using the right vocabulary at the right level of abstraction 
• Comfortable with complex undocumented requirements and independent task research 
• Knowledge of Big Data, security, clustering, or server installation is desirable 
• Professional, organized, and independent 
• Reliable, self-motivated, and flexible individual who can collaborate well in a fast-paced environment 
• Able to meet deadlines related to scheduled content updates, content changes for immediate release to customers and prospects, and software release dates 
• Experience working with remote subject matter experts 
• Excellent written and verbal communication skills in a team environment 
• 5+ years of experience in application security 
• 4-year college degree in Computer Science, Technical Communication, or related discipline Qualifications • Preferred candidates 5 + years of technical experience in the fields of secure application development, or cyber security operations
• Must be able to work independently and in a team environment 
• Security certs such as SANS GIAC, GWEB, GPEN or GIAC, Offensive Security OSWE, or ISC CSSLP are a plus 
• 2+ year college degree or final year enrollment to obtain a degree in a field such as Computer science or related is preferred.